0013331 159 & & Drawing available 
Community communication system e.g. for home control system, uses central server to execute 
automated communication based on negotiation of exchange contracts between satellite control 
systems 

Patent Assignee: BLATTNER D O (BLAT-I); BLATTNER M M (BLAT-I); KAMEGAI M (KAME-I) 
Inventor: BLATTNER D O; BLATTNER M M; KAMEGAI M 
Alerting Abstract US A1 

NOVELTY - A data transfer module of a central server (300) executes an automated communication based 
on negotiation of exchange contracts between multiple satellite control systems (201) such that one of the 
satellite control systems revokes or suspends the exchange contract in response to the automated 
communication. 

DESCRIPTION - INDEPENDENT CLAIMS are included for the following: 

1. method of communication computer system; 

2. message distribution system; and 

3. method for facilitating data exchange between computer systems. 

USE - For providing communication link between individual community systems such as home control 
systems, office control systems, public utility and service systems and electronic objects in homes, offices, 
retail establishment, service providers and emergency services for delivering traffic hazards and emergency 
information to police and weather reports. 

ADVANTAGE - The system makes use of intelligent software agents by which individual subscribers can 
communicate with the central system, thereby providing wide range of functionalities and services at 
reduced costs. 

DESCRIPTION OF DRAWINGS - The figure shows the block diagram of the software architecture of the 
satellite control system. 
201 satellite control systems 
300 central server 
Recommended committed information rate determining method for frame relay network, has 
permanent virtual circuit trend analysis report logic that calculates recommendation to change rate 
of frame relay network to specific value 

Patent Assignee: PARADYNE CORP (PDYN) 
Inventor: MAWHINNEY T N; SILVA R; SWIFT L 
Alerting Abstract US B1 

NOVELTY - The system has a permanent virtual circuit trend analysis report logic retrieving historical 
information and tolerance information from a database. The tolerance and historical information are 
analyzed. The logic calculates a recommendation to change a committed information rate (CIR) of a frame 
relay network to a specific value based on the analysis. The analysis and the recommendation are displayed 
to a user. 

DESCRIPTION - INDEPENDENT CLAIMS are also included for the following: 

4. a method for automatically assessing the data transmission performance of the network 

5. a computer readable medium having a program for automatically assessing the data transmission 
performance of the network. 

USE - Used for determining a recommended committed information rate (CIR) in a frame relay network. 
ADVANTAGE - The system automatically analyzes the historical information and the recommend 
adjustment to a network service parameter. The system automatically determines whether the frame 
relay network performs at a level agreed upon in a service level agreement (SLA). The system 
automatically determines whether the CIR needs to be increased based on an actual performance on the 
network. The system automatically recommends a specific amount of increase or decrease in the CIR. The 
system automatically predicts when the recommendation for a specific amount of increase or decrease in 
the CIR will be needed. 

DESCRIPTION OF DRAWINGS - The drawing shows a flow diagram illustrating an operation of a 
permanent virtual circuit (PVC) trend analysis report logic. 
Service level agreement request method for cable television network, involves initializing network 
device with configuration file by setting parameters for class-of-service for desired service level 
agreement 

Patent Assignee: 3COM CORP (THRE-N) 
Alerting Abstract US B1 

NOVELTY - A statically reserved network address is transmitted to a network device including a cable 
modem (CM) from a cable modem termination system (CMTS), when the network device requests a 
desired service level agreement during a boot sequence. The configuration files are loaded for initializing 
the network device, by setting several parameters for class-of-service or quality-of-service for desired 
agreement. 

DESCRIPTION - An INDEPENDENT CLAIM is also included for computer readable medium storing 
service level agreement requesting program. 

USE - For requesting service level agreement in data-over-cable system e.g. cable television network. 
Also applicable for data-over-cable system with and without telephony return for providing access routing 
for asynchronous transfer mode (ATM), asymmetric digital subscriber lines (ADSL), voice over internet 
protocol (VoIP). 

ADVANTAGE - Allows service level agreements to be used on data-over-cable system without adversely 
affecting performance of throughput on the data-over-cable system. 

DESCRIPTION OF DRAWINGS - The figure shows a flowchart explaining service level agreement 
requesting method. 
Network management method involves identifying group view and network projects which have poor 
status based on respective indicators for displaying corresponding message 
Patent Assignee: HEWLETT-PACKARD CO (HEWP) 
Inventor: RICHARDSON D E 
Alerting Abstract US B1 

NOVELTY - The characteristics of each network object of the group view which consists of status 
indicator are defined, monitored and stored in a file. Several containers corresponding to the group views 
are displayed. The containers and the network objects consist of respective status indicators based on 
which the group views and network objects identified to have poor status are sequentially indicated. 
USE - For monitoring the status of network components such as personal computers, work-stations, 
servers, routers, bridges, print servers, etc., also electronic-mail (e-mail) browsers, service level 
agreements, etc., using simple network management protocol and common management information 
protocol. 

ADVANTAGE - The message indicating the fault conditions is displayed in detail for immediate 
correction by the administrator before the users are affected. 

DESCRIPTION OF DRAWINGS - The figure explains editing of group view information. 
Management of e.g. internet and telephone services over communication network, involves mapping 
service requirement information onto model of communication network to determine relation 
between the requirement and network 

Patent Assignee: NORTEL NETWORKS LTD (NELE) 
Inventor: CROSS S; CROSS S C; SHORE M; SHORE M M 
Alerting Abstract EP A2 

NOVELTY - The information about service requirements through a user interface is received and stored 
using pre-specified representation. Some of the information is mapped onto a model of communication 
network and the relationship between service requirements and communication network (10), is 
determined. The services are managed based on the determined relationship. 
DESCRIPTION - INDEPENDENT CLAIMS are also included for the following: 

6. Service management system for managing services provided over communication network; 

7. Communication network; 

8. Computer program to control service management system 

USE - For managing multiple services such as internet service, telephone services over a communication 
network. 

ADVANTAGE - As the information from service level agreement is represented using a pre-specified 
representation and is used to manage more services, a service provider is enabled to manage services 
efficiently and to take into account information from service level agreements quickly and easily. As the 
services of different classes and service requirements vary according to service class, a service provider is 
enabled to manage services such as premium rate and best effort services in efficient and effective manner. 
DESCRIPTION OF DRAWINGS - The figure shows the schematic diagram of connectionless 
communication network. 
10 Communication network 
Computer network business process oriented enterprise software system includes process agencies 
and proxy agents which dynamically collaborate to monitor and manage business process during its 
life cycle 

Patent Assignee: EXTERPRISE INC (EXTE-N) 
Alerting Abstract WO A2 

NOVELTY - The system has multiple process agencies and proxy agents. The agencies and agents are 
dynamically collaborated to manage the business process during ... 
and manage operation of any one associated sub-process using ... 
participant knowledge and meta processes. 
DESCRIPTION - The agencies each invoke and manage opera 
into roles. Each process agency uses process participant knowh 
perform each associated sub-process and to monitor status of dt 
processes to monitor and dynamically reconfigure the correspoi 
sub-processes, if necessary. Multiple proxy agents each represei 
participant capabilities and availability. Each proxy agent negoti 
determine role assignments for corresponding participant and m* 
performed by participant in any one or more of the sub-processes. 
USE - For use in business organizations. 

ADVANTAGE - Allows active entities to be defined that serve as proxies for persons in the system and 
provides dynamic and configurable interfaces for their owners. Allows for integration of end-to-end service 
level objectives and ensures that these objectives are achieved at the process or at service execution level. 
Allows users to capture business process concepts and business participants models directly into the 
systems as adaptive, dynamic and active entities that can change and evolve as changes occur in the 
business processes, participant behavior, and business process environment. Meta processes are 
incorporated to monitor measure, change and evolve business processes implemented by the system. 
Optimal task allocation system 
Alerting Abstract WO A1 

NOVELTY - Individually rational agents (re)-contract tasks among themselves based on marginal costs 
and a task allocation graph is introduced as a tool for analyzing contract types. Traditional single task 
contracts always have a short path to the optimal task allocation but an individually rational path may not 
exist or may be short. The shortest individually rational path is found using an algorithm 
USE - Contracting protocols for automatic negotiations that can be implemented in connection with 
computer network 

ADVANTAGE - Achieving optimal or at least improved task allocation among agents 
DESCRIPTION OF DRAWINGS - The drawing shows an example of a multi agent contract involving 
three agents that can be used in connection with some embodiments of present invention. 
302 Agent 1 tasks 
304 Agent 2 tasks 
306 Agent 3 tasks 
Dynamic interface production system for host computer database and remote system - has event 
contract interface sub-system which receives messages from event trigger module 
Alerting Abstract US A 

The system (12) includes an event table subsystem (16) which has an input unit to associate external system 
field names with the field names of host system as interface condition definition. The input unit defines 
events in terms of dynamic and static conditions. A definition database stores tables of events, field names 
and interface conditions. An event trigger subsystem (20) connected to host database, comprises a clue 
module (24) containing user defined tags associated with dynamic conditions. The changes in host database 
are analysed to identify dynamic conditions that indicate an occurrence of event. 

An event contract interface subsystem (18) interposed between other subsystems, receives messages from 
event trigger module when an event occurs. The received messages are analysed for static and dynamic 
conditions to determine whether event actually occurred. Then, an interface condition tag value pair 
message is created and sent to external systems (14) based on interface contract definition from definition 
database. 

ADVANTAGE - Allows conditions to be set by user. Allows user to generically define events. Avoids 
modification of interface condition code. 



12/5/15 (Item 15 from file: 350) Links 

Fulltext available through: Order File History 
Derwent WPIX 

(c) 2008 The Thomson Corporation. All rights reserved. 

000884 1 065 & & Drawing available 
WPIAccno: 1998-387487/199833 
XRPX Acc No: N1998-302215 

Network configuration management system for digital communication network e.g. video dial tone 
network - has contract system which assigns identified logical assignments to provisioned logical 
assignments so as to provide specific infrastructure option between specified locations 
The system includes a library which identifies relationship between first, second and third group of objects. 
The first group of objects represent respective parameters of an infrastructure component. The second 
group of objects represent respective characteristics of an infrastructure option. The third group of objects 
represent the available physical connections for connecting several infrastructure components in a specified 
pattern. Based on the identified relationship a logical configuration for each of the infrastructure 
components, is chosen. Parameters with corresponding connection sequences are also selected for obtaining 
a particular infrastructure option. A model system creates provisioning models which identify infrastructure 
components performing respective infrastructure option. 

The provisioning models comprise first and second handoff objects which identify first and second 
connection of corresponding provisioning model. A location object identifies a path of the corresponding 
provision model. The model system comprises a routing algorithm for assembling a sequence of 
provisioning models. A minimum of one path model is provided to supply the corresponding infrastructure 
options between specified locations. An inventory system identifies logical assignments from the library, 
for providing infrastructure options in accordance with the provisioning models and provisioned logical 
assignments. A contract system assigns the identified logical assignments to the provisioned logical 
assignments so as to provide a specific infrastructure option between specified locations. 
ADVANTAGE - Improves network transport capacity. Improves flexibility. 
Claims: ...decision tree having a multiplicity of decision nodes, each said decision node corresponding to a 
component of said system; 

(g) comparing a plurality of relationships within said system between said system performance data and... 
...said nodes, whereby said modification iteratively optimises said performance monitoring of said system; 
and 

(i) automatically updating an adaptive system model according to newly discovered relationships. 

2. The method according to claim 1, wherein said monitoring and collecting, the step of: 

generating a test program pursuant to at least one service level agreement, said plurality of nodes for 
monitoring and performance data collection being selected pursuant to said at least one service level 
agreement. 

4. The method according to claim 3, wherein said test program targets a target component within said 
system, said target component being selected from the group consisting of a system hardware resource and 

a system software to claim 4, wherein said target component targeted by said test program is an 

underperforming system component, whereby said step of modifying modifies said steps of continuously 
monitoring and collecting said performance data on said underperforming system component. 

7. The method according to claim 1, wherein said step of modifying modifies the periodicity... ...decision 
tree having a multiplicity of decision nodes, each said decision node corresponding to a component of said 
system; 

comparison means for comparing a plurality of relationships within said system between said system 
performance for the continuous monitoring and collection, respectively, of said performance data; and 

updating means for automatically updating an adaptive system model according to newly discovered 
relationships. 

29. The system according to claim 28, wherein said comprises: 

test program generation means for generating a test program pursuant to at least one service level 
agreement. 

30. The system according to claim 29, wherein said test program targets a target component within said 
system. 



31. The system according to claim 30, wherein said target component substantially corresponds to a.. 
Specification: ...is needed is a method and apparatus for monitoring the performance of a multi-user 
computer system under a variety of loading and processing conditions, and for making dynamic 

adjustments to both must not overwrite any portion of the basic operating system which would 

jeopardize warranty or service contract agreements on large multi-user systems. SUMMARY 

In view of the above problems in the art, one purpose of the present invention is to provide a method of 
dynamically adjusting system control parameters in a multi-user or multi-process computer to optimize 
utilization of computer user or process. 



An advantage of the present invention is that the resources of the computer system are automatically 
adjusted at periodic intervals to accommodate even highly dynamic load conditions. 
English Abstract: 



...system environment, where network bandwidth (84) and service types are provided by one or more 
service level agreements (SLAs) by monitoring multiple components of the network so as to identify the 
current status of multiple service level agreements (88); by determining the current scale and scope of the 
network; and by automatically adjusting a service level agreement based on the current scale and scope 
of the network in view of the status of multiple service level agreements. 

Detailed Description: 

...unique report for that specific customer's data which identifies the key parameters being measured. 
Service level agreement for that customer. 

Management and network state (e.g., if there is any available management access lists, passwords, and 

configured filters for specific information types. 

Thus, as a customer's SLA changes, the system automatically distributes the appropriate changes to the 
management control system identifying the changed "data" to which... ...any one network management 

system. In order to accomplish this task, the method monitors multiple components within the network in 

order to automatically characterize and measure multiple 


service level agreement parameters. By monitoring these parameters, information with respect to the 

network service providers, and network key component of the method is to have specific configuration 

information for accessing each section/component of the network as supplied by the proprietor of that 
component. The automatic nature of the invention is... ...situations in 
which the network load is greater than a predetermined percentage for a 

specific network component (such as a specific network element or application) in which case no further 

management control is allowed. Another example is 

a service level agreement which is changed automatically and the change 

requires that network providers have access to additional specific management products associated with 
the user network and specific... 



Claims: 

...management system environment, where network bandwidth and service types are provided by one or 
more service level agreements (SLAs), comprising the steps of 1) monitoring multiple components of the 
network so as to identify the current status of multiple service level agreements; 2) determining the 
current scale and scope of the network; and 3) automatically adjusting a service level agreement based 
on the current scale and scope of the network in view of the status of the multiple service level 
agreements. 

2 A method of automatically identifying and setting the level of management access privilege that... 
Detailed Description: 



...schedule or a supplier's schedule 

or both. The present invention also facilitates 

rescinding a contract between a fabricator and a supplier 

when the rescinded contract does ...a 

variety of industries and is not limited to the home 

building industry 

A preferred computer network system for 
carrying out methods of synchronizing a fabrication 
schedule with a plurality of supplier schedules, 
according to the present invention, is a dynamic system 
wherein schedule changes made by a network member ripple 
down to all network members and are automatically 
integrated within the schedule of each respective network 



member as appropriate. For example, if rain delays the 

framing of a house, the lumber yard terminals in communication with a central data processing 

system 

Referring now to Fig. 1, a computer network 
system 10 for synchronizing schedules and facilitating 
the flow of information between ... 
Specification: ...agreements and to define new classes of service. Other examples included assisting with 
negotiation of service level agreements and enabling network configuration details to be automatically 
generated in order to meet service level agreements. Another example is that of automatically 
configuring operational support systems such as performance and fault monitoring systems in order that 
they take account of service... 
Abstract: The problem connected with multimedia system deals mainly in software management of host 
systems. The need to guarantee the execution of the tasks involved in multimedia makes the RTOS the 
correct environment into which work. But the peculiarities of multimedia task need some modification 
mainly in scheduling algorithms. A proposal of one scheduling algorithms is presented in this paper. 
(Author abstract) 5 Refs. 
Abstract: 

Several base elements for the provision of quality of service guarantees have been developed in the recent 
past. Of these, the Differentiated Services (DiffServ) architecture stands out as the most promising. In spite 
of this, various issues remain, especially when multidomain DiffServ services are concerned. In this case, 
some forms of distributed management of Service Level Agreements that allow the specification, 
exchange, enforcement and monitoring of quality of service data must be in place. Although, again, some 
isolated solutions exist for each of these problems, considerable effort is necessary to make them work 
together. The project presented in this paper tried to assess the feasibility of providing differentiated quality 
of service in satellite IP networks, by developing a dynamic Service Level Agreement management 
solution for an IP over Digital Video Broadcast Satellite system. The functionality of the implemented 
system comprises system configuration, dynamic SLA negotiation, QoS monitoring and metering, SLA 
conformance checking, and QoS reporting to customers. 
A dynamic framework for quality-of-service (QoS) control of video applications is presented. The 
framework allows flexible, robust and efficient video delivery with application-level QoS support. Key 
components of the framework are: client QoS renegotiation, server source rate control and dynamic 
network bandwidth allocation. The coordinated functionality of these distributed components provides 
soft-QoS to adaptive applications. A new transport model, called $VBR^+$, supports renegotiation of 
bandwidth and soft-QoS between the server and the network during the session. A soft-QoS controller, at 
each network node, dynamically allocates bandwidth to connections. The research combines theoretical 
and experimental work leading to the framework's performance evaluation. Results show that: (1) 
bandwidth renegotiation significantly improves the quality of variable bit-rate (VBR) compressed video, 
(2) network capacity can effectively be doubled while providing soft-QoS, (3) soft-QoS control is robust to 
network load and gracefully degrades application-level performance during congestion, (4) signaling load 
and network processing requirements are controllable, and can be reasonably supported within the 
capabilities of the new generation broadband network nodes, (5) at moderate loads, a market-based model 
can be used to implement a distributed soft-QoS controller and to tariff bandwidth usage according to users' 
valuations. 

Finally, a proof-of-concept prototype of a video browser with user-level control of soft-QoS is 
implemented within the proposed framework. The implementation uses a distributed software architecture 
that represents soft-QoS requirements by software objects, called service contracts. These objects are 
exchanged among servers, network nodes, and clients to achieve distributed soft-QoS control. 
Experiences with the prototype and its performance are discussed. 
Abstract: 

Modern network services provided by frame relay (FR) or asynchronous transfer mode (ATM) networks 
show a wide variety of service characteristics and related quality of service, which amounts to a 
tremendous diversity of tariff structures. One of the network provider's objectives is to maximize the 
chargeable utilization of the network. This is intended to be achieved by a traffic contract on a 
per-connection basis. The network service user's interest is, of course, to minimize the cost for usage of the 
service. This can be achieved by traffic-contract-conformant behavior. In order to avoid (chargeable) 
injection of data that will be lost due to congestion in the network, the user has to adapt to the congestion 
state of the network by interpreting the congestion information provided by the network service. If the 
network user is logically mapped to the lowest end-to-end layer (i.e., the transport layer), the adaptive 
behavior has to be realized by adaptive rate control in this layer. This article analyzes the upcoming 
network services and their tariffs, demonstrates the advantage of rate control by a congestion avoidance 
algorithm, and the applicability of this concept to the telemetry and scientific data distribution applications 
of the European Space Agency (ESA). 
Current Internet usage for commercial applications is increasing exponentially. Electronic commerce 
trends are demanding greater security for network-enabled collaboration as well as business transactions 
that use Virtual Private Networks (public networks supporting communication between private hosts). 
Security measures are also necessary to enable applications for network rating standards, law enforcement, 
air traffic control, and wireless communications. Thus, the growth of commercial electronic communication 
demands a growth in security provision. Augmenting traditional data transport with security measures 
performed at end hosts can potentially degrade the performance of networked applications, creating an 
inherent security vs. performance tradeoff. 

This thesis addresses this tradeoff by adapting to current system loads and security requirements to 
provide adaptive security through dynamic resource allocation. This work targets multi-stream, networked 
collaborative applications running on heterogeneous, unstructured distributed computing platforms that 
resemble subsections of the Internet. The goal is to minimize security risk by enabling CPU and network 
resources to be available and dynamically applied to security operations as needed for application streams 
to vary their security levels. 

As the demand for network-based applications grows, the instances of changes in end-host connection 
requirements increase. Systems must have the capability to dynamically adapt security provision to 
changing requirements of hosts, networks, and applications. To address this need, this thesis presents a 
framework which incorporates admission control and run-time adaptive methods for per-stream security 
resource contracts within which these issues are addressed. This work comprises the following 
contributions: (1) formulation of new metrics to quantify performance and security; (2) formulation of 
rational mapping of user-requested security level to CPU resources; (3) formulation of heuristics for 
dynamically altering security level based on current resource allocation (patent pending); (4) formulation 
of the concept of risk as it applies to adaptive security; (5) formulation of joint optimization of 
computation resources for overall risk minimization; and (6) application of the mapping of security level to 
CPU and network resources to enable: (a) global tracking of resource availabilities of all registered 
end-hosts, (b) criticality-based risk management, and (c) on-line global optimization to minimize 
“exposure” for a system of multiple application connections between multiple hosts. 
ABSTRACT 



The present disclosure relates to a method for communicating 
and applying adaptive security to a data stream comprising 
a plurality of data packets. The method comprises the 
steps of identifying a desired security level range and a 
desired actual security level which falls within the desired 
security level range. The availability of a number of security 
processor operations at the host is determined so that, if 
needed, computing resources at the host can be reallocated 
to ensure that the data stream can be verified at the desired 
actual security level. If there are not sufficient resources 
available for reallocation at the host, communication 
resources can be reallocated, for example by changing the 
bandwidth of the data stream or another incoming data 
stream. With this method, the actual security level will be 
kept within the desired security level range. 

31 Claims, 13 Drawing Sheets 
program can be electronically captured, via for instance 
optical scanning of the paper or other medium, then 
compiled, interpreted or otherwise processed in a suitable 
manner if necessary, and then stored in a computer memory. 

Many variations and modifications may be made to the 
above-described embodiment(s) of the invention without 
departing substantially from the spirit and principles of the 
invention. All such modifications and variations are intended 
to be included herein within the scope of the present 
invention. 

We claim: 

1. A method for applying adaptive security to a data 
stream, comprising the steps of: 

identifying a desired security level range and a desired 
actual security level which falls within the desired 
security level range for communicating a data stream 
from a send host to a receive host; 

determining an actual security level in the receive host 
based upon the availability of a number of security 
processor operations; 

communicating the actual security level from the receive 
host to the send host; 

generating a plurality of data packets associated with the 
data stream in the send host, the data packets having an 
authentication header including the desired security 
level range and the actual security level; 

reallocating computing resources at the receive host if 
data packets cannot be verified at the desired actual 
security level with a current allocation of resources; 
and 

verifying the data packets at the actual security level, the 
actual security level being within the desired security 
level range. 

2. The method of claim 1, further comprising the step of 
altering the actual security level in the send host using a 
security level thermostat. 

3. The method of claim 1, wherein the step of reallocating 
computing resources at the receive host comprises identify- 
ing the availability of a number of security operations per 
second (SOPS) employed in non-critical operations at the 
receive host and reallocating these SOPS for processing the 
data stream. 

4. The method of claim 1, further comprising the step of 
determining the bandwidth of the data stream being sent 
from the send host to the receive host. 

5. The method of claim 4, further comprising the step of 
reallocating communication resources if there are insufficient
computing resources available for reallocation at the
receive host. 

6. The method of claim 5, wherein the step of reallocating 
communication resources comprises adjusting the band- 
width of the data stream. 

7. The method of claim 6, further comprising the step of
identifying the number of security operations per second 
(SOPS) that will be required to process the data stream and 
comparing this number with the number of SOPS available 
at the receive host to determine the amount of bandwidth 
adjustment needed. 

8. The method of claim 6, wherein the bandwidth is 
adjusted by decreasing data transmission rate. 

9. The method of claim 6, wherein the bandwidth is 
adjusted by increasing a data portion of the data packets to 
lower a security: message ratio of the data packets. 

10. The method of claim 6, further comprising the step of 
calibrating the computing resources with the communication 
resources. 
11. A method for communicating and applying adaptive
security to a data stream comprising a plurality of data 
packets, comprising the steps of: 

identifying a desired security level range and a desired 
actual security level which falls within the desired 
security level range for the data stream to be received 
by a host; 

determining the availability of a number of security
processor operations at the host;

reallocating computing resources at the host if the data
stream cannot be verified at the desired actual security
level;

reallocating communication resources if there are insuf- 
ficient computing resources available for reallocation at 
the host; and 

verifying the data packets at the actual security level, the 
actual security level being within the desired security 
level range. 

12. The method of claim 11, wherein the step of reallo- 
cating computing resources at the host comprises identifying 
the availability of a number of security operations per 
second (SOPS) employed in non-critical operations at the 
host and reallocating these SOPS for processing the data 
stream. 

13. The method of claim 11, wherein the step of reallo- 
cating communication resources comprises adjusting the 
bandwidth of the data stream. 

14. The method of claim 13, further comprising the step 
of identifying the number of security operations per second 
(SOPS) that will be required to process the data stream and 
comparing this number with the number of SOPS available 
at the receive host to determine the amount of bandwidth 
adjustment needed. 

15. The method of claim 13, wherein the bandwidth is 
adjusted by decreasing data transmission rate. 

16. The method of claim 13, wherein the bandwidth is 
adjusted by increasing a data portion of the data packets to 
lower a security: message ratio of the data packets. 

17. The method of claim 11, further comprising the step 
of calibrating the computing resources with the communi- 
cation resources. 

18. A system for facilitating data communication to a host 
with adaptive security, comprising: 

means for determining whether a desired actual security 
level for a transmitted data stream falls within a desired 
security level range; 

means for determining the availability of a number of 
security processor operations at the host; 

means for reallocating computing resources at the host if 
the data stream cannot be verified at the desired actual 
security level; and 

means for reallocating communication resources if there 
are insufficient computing resources available for real- 
location at the host. 

19. The system of claim 18, wherein the means for 
determining the availability of a number of security proces- 
sor operations comprises means for determining a processor 
time availability by examining a resource tracking table for 
a non-critical processor time usage of at least one existing 
data stream. 

20. The system of claim 18, wherein the means for 
determining the availability of a number of security proces- 
sor operations comprises means for identifying the avail- 
ability of a number of security operations per second (SOPS) 
employed in non-critical operations at the host and reallo- 
cating these SOPS for processing the data stream. 
21. The system of claim 18, wherein the means for
reallocating communication resources comprises means for 
adjusting the bandwidth of the data stream. 

22. The system of claim 21, wherein the means for 
adjusting the bandwidth of the data stream comprises means 
for decreasing the data transmission rate. 

23. The system of claim 21, wherein the means for 
adjusting the bandwidth of the data stream comprises means 
for increasing a data portion of data packets of the data 
stream to lower a security: message ratio of the data packets. 

24. The system of claim 18, further comprising means for 
calibrating the computing resources with the communication 
resources. 

25. A computer program embodied on a computer- 
readable medium for facilitating data communication to a 
host with adaptive security, comprising: 

logic configured to determine whether a desired actual
security level for a transmitted data stream falls within 
a desired security level range; 

logic configured to determine the availability of a number 
of security processor operations at the host; 

logic configured to reallocate computing resources at the
host if the data stream cannot be verified at the desired
actual security level; and

logic configured to reallocate communication resources if
there are insufficient computing resources available for
reallocation at the host.

26. The computer program of claim 25, wherein the logic 
configured to determine the availability of a number of 
security processor operations comprises logic configured to
determine a processor time availability by examining a 
resource tracking table for a non-critical processor time 
usage of at least one existing data stream. 

27. The computer program of claim 25, wherein the logic 
configured to determine the availability of a number of 
security processor operations comprises logic configured to
identify the availability of a number of security operations
per second (SOPS) employed in non-critical operations at
the host and reallocate these SOPS available for processing
the data stream.

28. The computer program of claim 25, wherein the logic 
configured to reallocate communication resources comprises
logic configured to adjust the bandwidth of the data stream.

29. The computer program of claim 28, wherein the logic
configured to adjust the bandwidth of the data stream 
comprises logic configured to decrease the data transmission 
rate. 

30. The computer program of claim 28, wherein the logic
configured to adjust the bandwidth of the data stream 
comprises logic configured to increase a data portion of data 
packets of the data stream to lower a security: message ratio 
of the data packets. 

31. The computer program of claim 25, further comprising
logic configured to calibrate the computing resources
with the communication resources. 

* * * * * 
Abstract: Most current approaches in designing and implementing distributed multimedia (MM)
presentational applications have concentrated on the performance of the continuous media file servers in 
terms of seek-time overhead and real-time disk scheduling; particularly, the quality of service (QoS) 
negotiation mechanisms they provide are used in a rather static manner, i.e. these mechanisms are restricted 
to the evaluation of the capacity of certain system components. In contrast to those approaches, we 
propose a general QoS negotiation framework that supports the dynamic choice of a configuration of 
system components to support the QoS requirements of the user of a specific application: we consider 
different possible system configurations and select an optimal one to provide the appropriate QoS support. 
We document the design and implementation of a QoS negotiation procedure for distributed MM 
presentational applications, such as news-on-demand. The negotiation procedure described is an 
instantiation of the general framework for QoS negotiation. Our proposal differs in many respects from the
negotiation functions provided by existing approaches: (1) the negotiation process uses an optimization 
approach to find a configuration of system components which supports the user requirements, (2) the 
negotiation process supports the negotiation of a MM document and not only a single monomedia object, 
(3) the QoS negotiation takes into account the cost to the user; (4) the negotiation process may be used to 
support automatic adaptation to react to QoS degradations, without intervention by the user/application. ( 
Abstract: A network communications switch which changes the service characteristics (bandwidth)
dynamically to accommodate variations in packet waiting time is described. This analysis is applicable to 
data communications such as ATM, which is an example of B-ISDN that multiplexes many users of any bit 
rate up to the high-speed trunk rate. A method of traffic control is presented that allows bandwidth 
allocation based on the waiting time of the packets (cells). The output buffer of a network switch is 
modelled by investigating the characteristics of the stationary waiting time process using an imbedded 
Markov chain. The resulting steady state equations are solved by means of theoretical, numerical, and 
simulation techniques. The primary focus of this analysis is on bursty arrivals modelled by the 
hyperexponential distribution and a service distribution which is a function of the cell waiting time. 
Abstract: In this paper, we study connection-oriented service in heterogeneous network for real-time
applications. Many existing distributed mission-critical systems are deployed over heterogeneous networks. 
Hence, it is necessary to extend the real-time communication technology to encompass heterogeneous 
networks. A connection can be considered as a contract between an application and the network: the 
application specifies the characteristics of the traffic which it may generate and the network agrees to 
provide the requested quality of service (QoS) to the application. For real-time applications, the most 
crucial QoS is to meet deadline requirements. We propose a fuzzy intelligent system for connection 
admission control (CAC). Upon a request of connection establishment, the CAC determines if the worst 
case delays of the requesting and existing connections can be satisfied given the available network 
resources. If so, the CAC allocates appropriate network resources to the requesting connection. Our system 
uses fuzzy logic to capture the knowledge for adapting its strategy to dynamic system status. The
parameters in fuzzy logic rule can be identified using genetic algorithms. Our approach is compatible with
current network standards and hence can be readily used in practical systems. (Author abstract) 11 Refs.
Abstract:

This paper proposes a neural fuzzy approach for connection admission control (CAC) with QoS guarantee 
in multimedia high-speed networks. Fuzzy logic systems have been successfully applied to deal with 
traffic-control-related problems and have provided a robust mathematical framework for dealing with real- 
world imprecision. However, there is no clear and general technique to map domain knowledge on traffic 
control onto the parameters of a fuzzy logic system. Neural networks have learning and adaptive 
capabilities that can be used to construct intelligent computational algorithms for traffic control. However, 
the knowledge embodied in conventional methods is difficult to incorporate into the design of neural 
networks. The proposed neural fuzzy connection admission control (NFCAC) scheme is an integrated 
method that combines the linguistic control capabilities of a fuzzy logic controller and the learning abilities 
of a neural network. It is an intelligent implementation so that it can provide a robust framework to mimic 
experts' knowledge embodied in existing traffic control techniques and can construct efficient 
computational algorithms for traffic control. We properly choose input variables and design the rule 
structure for the NFCAC controller so that it can have robust operation even under dynamic environments. 
Simulation results show that compared with a conventional effective-bandwidth-based CAC, a fuzzy-logic- 
based CAC, and a neural-net-based CAC, the proposed NFCAC can achieve superior system utilization, 
high learning speed, and simple design procedure, while keeping the QoS contract 
Abstract:

A distributed dynamic resource allocation (DDRA) strategy for a hierarchical cellular structure (HCS) is 
proposed. In the DDRA, resources are shared not only between cells of the same hierarchy, but between 
layers. The proposed DDRA strategy is evaluated using the hybrid time-division multiple-access/code- 
division multiple-access (TDMA/CDMA) proposal made in the future radio wide-band multiple-access 
system (FRAMES) Project Mode I (FMI) as a case study. A mixed environment is suggested for the 
evaluation of the DDRA, which consists of Manhattan-like microcells covered by hexagonal-shaped 
umbrella cells (macrocells). Users are classified according to their speed as slow- and fast-moving users 
and are attended to by the most suitable layer of the hierarchy according to their speeds. Two types of real- 
time circuit-switched services are considered in the evaluation: speech and data at different rates. The 
DDRA is compared with the fixed resource allocation (FRA) strategy with overflow and with FRA with 
overflow, handdown, and channel reallocations (FRANR) 

Descriptors: Dynamical systems; Dynamics; Resource allocation; Strategy; Hierarchies; Code division 
multiple access; Channels; Speech; Cellular structure; Circuits; Real time; Frames; Radio; Covering; 
Proposals 

Subj Catg: 20, Automotive Engineering (General); 25, Computer Communication Networks; 53, Radio 
Communications 



22/5/43 (Item 2 from file: 95) Links 
TEME-Technology & Management 
(c) 2008 FIZ TECHNIK. All rights reserved. 
00939967 E95 114127022 

Flow management in a quality of service architecture 
Abstract:

Quality of Service (QoS) in distributed systems supporting real-time and multimedia applications must be 
guaranteed system-wide, including end-systems, communications systems and networks. This paper 
concentrates primarily on the transport layer of such a system but also describes a generalised Quality of 
Service Architecture (QoS-A) used to specify and implement application defined QoS over all architectural 
layers. The central QoS-A concepts are flow, service contract and flow management. A flow is a 
unidirectional end-to-end data stream with a specific QoS requirement. Service contracts are binding 
agreements between users and providers at each architectural level involved in a flow. Flow management 
provides for the monitoring and maintenance of the contracted QoS levels of a flow over all layers. The 
paper first describes an enhanced transport service which permits extremely flexible QoS configuration for 
real-time and multimedia transport users. Subsequently, it shows how flow management concepts and 
mechanisms can ensure that QoS levels contracted at the transport service interface are maintained by the 
lower layers - i.e. the supporting network and operating system infrastructures. The work is placed in the 
wider context of a local ATM environment in which the QoS-A is currently being implemented.

Descriptors: DISTRIBUTED PARAMETER SYSTEMS; REAL TIME METHOD; SYSTEM 
ARCHITECTURE; DATA FLOW; CONFIGURATION; COMPUTER INTERFACES; NETWORKS- 
-CIRCUITS; OPERATING SYSTEM- COMPUTERS; COMMUNICATION NETWORKS; 
PROTOCOLS; QUALITY 
CAREER: An Architecture for Building Dynamic, Adaptive Systems
Principal Investigator: Joseph, Anthony D

Performing Org.: University of California-Berkeley, EECS, CS Division, Berkeley, CA 94720-1776
Project Monitor: Sollins, Karen R.

Sponsoring Org.: National Science Foundation, ANI, 4201 Wilson Boulevard, Arlington, Virginia
Dates: 20000701 To 20040630 Fy : 2000 Funds: $1,999,850 ( 1000000 )

Summary: This is an NSF CAREER/PECASE grant proposal for research into a new Architecture for
wide-area, Dynamic Adaptive Systems (ADAS). The decreasing cost of computing and networking 
technology and network-enabled devices is enabling the large-scale deployment of a wide-area 
infrastructure that offers many, new and innovative services (e.g., a service that allows a user to control the
lights in a room). Unfortunately, wide-area network deployment has not yielded the expected 
improvements in access to new and existing devices, services, and networks. Each of these areas faces 
significant problems: end devices that are more powerful than earlier generations, but are still very limited 
and fragile relative to their fixed counterparts; many services are developed with the static assumption of
high-bandwidth and low-latency networks and thus perform poorly in the low bandwidth, high-latency 
wide-area environment; networks that have different capabilities (e.g., bandwidth, latency, cost, coverage) 
making reconciliation of these differences difficult for many services. This CAREER grant proposal 
addresses two key problems of wide-area services: (1) Dynamically adapting to the current conditions and 
environment at each level of the service and network, and (2) Locating the appropriate service for a task. 
Adaptive systems are a necessary response to the significant performance problems associated with 
accessing services in the wide-area. A dynamically adaptive system continually changes based upon 
changing conditions at multiple levels: link, network, and service, yielding a significant improvement in the 
performance and usability of services. Most networks make a fixed tradeoff between reasonable
performance under worst-case conditions and performance under best-case conditions. However, for a 
fixed design point, best-case performance usually suffers. Previous research efforts have primarily focused 
on only one aspect of adaptation. What makes this grant proposal unique is a plan for developing a new 
architecture that supports novel, dynamically adaptive services and enables anywhere, anytime, any mode 
access to services. The first step is to produce software tools, applied theoretical and simulation results, and 
an experimental testbed, all of which will aid researchers working with new models for wide-area service 
construction, deployment, and access. The second step is to use more mature versions of these tools in a 
large-scale experiment focused on two areas: improving the undergraduate and graduate academic 
experience in two courses and providing new undergraduate research opportunities in the intersection 
between mobile computing, wireless networking, and wireless telephony. This work builds upon our
research in the following areas: (1) Information Exposure and Multi-level Dynamic Adaptation. A key 
enabler for adaptation is the exposure of metadata between link, network, and service levels (e.g., a service 
can inform the link layer of its latency and reliability requirements). This technique will depend upon the
development of theoretical models for the predicted state of a wireless link, upon based upon extensive 
experimental and simulation research. (2) Providing high-performance, wide-area access to services. The 
researcher strongly believes that "Access is the killer application." Decoupling user interfaces from 
communication and dynamic adaptation are the keys to delivering high-performance. (3) Large-Scale 
Deployment of Wide-Area Information Access. An important component of the research is conducting
large-scale testbed experiments in both research and academic settings. Graduate and undergraduate 
students will be included in the project's research by leveraging the significant hardware and software 
testbed being deployed by related projects at UC Berkeley. These research directions will work together in 
a synergistic fashion, where theoretical, analytical 
Text:

...make it even easier to analyze network performance. Eventually, it will 
be possible for test systems to trigger automatic 
adjustments to the network to prevent many problems and 
shutdowns from ever occurring. 

Why RDT? 

Most service providers offer service-level agreements (SLAs) and, unless 
the parameters of an SLA are verified, customers may not 
really be receiving the full benefits of the service offering... 
...service, future-looking, end-to-end solution."

"We understand the challenge facing our customers to 
dynamically reconfigure their networks to handle the 
explosive growth of data, while at the same time leverage the investment... 

...integrate and provide the core infrastructure of these next generation 

IP networks. The key hardware elements of this contract are 

Nortel Networks' new scalable XA Core processor; and the DMS SuperNode Data 

Manager for... 
Alerting Abstract US B1

NOVELTY - A security service provider is selected to provide a secure communication between the 
applications. A security-related event such as run-time error is detected during secure communication. 
Another security service provider is selected when security-related event is detected, and the selected 
service provider is executed on the host different from the host of other service providers. 
DESCRIPTION - INDEPENDENT CLAIMS are also included for the following: 

30. computer program product for managing use of security service providers; and

31. security service provider management system.

USE - For managing use of security service provider for providing secure network communication between 
the applications. 

ADVANTAGE - Improves the fault tolerant capability and flexibility, by dynamically changing the service 
providers. 

DESCRIPTION OF DRAWINGS - The figure shows a schematic view of the secure communication 
system. 



[File 2] INSPEC 1898-2008/Jan W2
(c) 2008 Institution of Electrical Engineers. All rights reserved.

[File 6] NTIS 1964-2008/Feb W3
(c) 2008 NTIS, Intl Cpyrght All Rights Res. All rights reserved.

[File 8] Ei Compendex(R) 1884-2008/Jan W4
(c) 2008 Elsevier Eng. Info. Inc. All rights reserved.

[File 23] CSA Technology Research Database 1963-2008/Jan
(c) 2008 CSA. All rights reserved.

[File 34] SciSearch(R) Cited Ref Sci 1990-2008/Feb W3
(c) 2008 The Thomson Corp. All rights reserved.

[File 35] Dissertation Abs Online 1861-2007/Oct
(c) 2007 ProQuest Info&Learning. All rights reserved.

[File 65] Inside Conferences 1993-2008/Feb 14
(c) 2008 BLDSC all rts. reserv. All rights reserved.

[File 95] TEME-Technology & Management 1989-2008/Feb W1
(c) 2008 FIZ TECHNIK. All rights reserved.

[File 99] Wilson Appl. Sci & Tech Abs 1983-2008/Jan
(c) 2008 The HW Wilson Co. All rights reserved.

[File 111] TGG Natl.Newspaper Index(SM) 1979-2008/Jan 29
(c) 2008 The Gale Group. All rights reserved.

[File 144] Pascal 1973-2008/Feb W1
(c) 2008 INIST/CNRS. All rights reserved.

[File 256] TecInfoSource 82-2008/Dec
(c) 2008 Info.Sources Inc. All rights reserved.

[File 266] FEDRIP 2007/Nov
Comp & dist by NTIS, Intl Copyright All Rights Res. All rights reserved.

[File 434] SciSearch(R) Cited Ref Sci 1974-1989/Dec
(c) 2006 The Thomson Corp. All rights reserved.

[File 239] Mathsci 1940-2008/Feb
(c) 2008 American Mathematical Society. All rights reserved.

[File 474] New York Times Abs 1969-2008/Feb 14
(c) 2008 The New York Times. All rights reserved.

[File 475] Wall Street Journal Abs 1973-2008/Feb 14
(c) 2008 The New York Times. All rights reserved.

[File 583] Gale Group Globalbase(TM) 1986-2002/Dec 13
(c) 2002 The Gale Group. All rights reserved.

*File 583: This file is no longer updating as of 12-13-2002.



;ds 

Set  Items  Postings  Description
S1   20     20        S AU=(BENZINGER L? OR BENZINGER, L?)
S2   109    109       S AU=(FEIERTAG R? OR FEIERTAG, R?)
S3   1037   1038      S AU=(RHO J? OR RHO, J?)
S4   0      0         S S1 AND S2 AND S3
S5   17     68        S S1:S3 AND (DYNAMIC? OR ADAPT?)(3N)(NETWORK? OR SYSTEM?)
S6   7      27        RD (unique items)



6/5/2 (Item 2 from file: 2) Links 
INSPEC 

(c) 2008 Institution of Electrical Engineers. All rights reserved. 
09539568 INSPEC Abstract Number: C2005-09-6170-060
Title: Policy migration in large agent-based systems 
Author Feiertag, R.; Rho, J.; Redmond, T. 

Author Affiliation: Cougaar Software, Inc., Mountain View, CA, USA 

Conference Title: 2005 International Conference on Integration of Knowledge Intensive Multi-Agent 
Systems (IEEE Cat. No.05EX1033) p. 103-8 
Editor(s): Thompson,C; Hexmoor,H. 
Publisher: IEEE , Piscataway, NJ, USA 

Publication Date: 2005 Country of Publication: USA xi+643 pp. 
ISBN: 0 7803 9013 X Material Identity Number: XX-2005-00671
U.S. Copyright Clearance Center Code: 0 7803 9013 X/2005/$20.00

Conference Title: 2005 International Conference on Integration of Knowledge Intensive Multi-Agent 
Systems 

Conference Sponsor: IEEE Boston Sect 

Conference Date: 18-21 April 2005 Conference Location: Waltham, MA, USA 

Language: English Document Type: Conference Paper (PA) 
Treatment: Practical (P) 

Abstract: The Cougaar agent architecture provides mechanisms for implementing a scalable, survivable 
system. Policy is the primary means for coordinating and controlling many of the defensive mechanisms of 
the Cougaar infrastructure. Policy also provides the primary means by which the system adapts and 
responds to changing conditions and attacks. We describe the policy mechanism in Cougaar and how it is 
used in defending the system. We describe several issues in scaling the policy mechanism to large agent 
societies and how we addressed these issues in Cougaar. We also describe some remaining issues and 
possible approaches to addressing these. (4 Refs)
Abstract: The intrusion detection inter-component adaptive negotiation (IDIAN) project has developed a
negotiation protocol to allow a distributed collection of heterogeneous intrusion detection (ID) components 
to inter-operate and reach agreement on each other's ID information processing capabilities and needs. The 
negotiation, moreover, is dynamic, so the information generated and processed can evolve as the intrusion 
detection system (IDS) evolves and as the environment changes. This paper describes IDIAN extensions to 
the common intrusion specification language (viz., GIDO filters), the negotiation protocol itself, a load 
model used to measure computing load on a system due to the use of ID services, and a demonstration of 
the protocol. (Author abstract) 9 Refs. 